bab6f502c04201e9109a280581115b5fc5b01aab7310bda94113dc9c8c6b31e8 | Triage

Sharing

General

Target

AssassinX_Fixed.zip
Size

9.4MB
Sample

240424-s8vmzscf95
MD5

265ec10ae5dd847cf3ebc0ed33b6e01d
SHA1

f3af8defd5de73e23597b73491c3342dcdea387a
SHA256

bab6f502c04201e9109a280581115b5fc5b01aab7310bda94113dc9c8c6b31e8
SHA512

e3394b7121b6ed79cfb914eb65b32c8f2ec2cc16d18f796c5ef0209e9165ebb57b31251fdb98a70b09a8cf6dfb15dda61db3f854174aa8a98dbec04312cf47ad
SSDEEP

196608:sfaOyX8CTI79ksVUAvb7WGKYtS27unFhFHPuB9BQoTNejOWJiX6DbluU1:sfa6C4kGBdKYtSxOQoTErJ5huE

Score

7^/10

pyinstaller

Malware Config

Targets

- Target
  
  Assassin X.exe
- Size
  
  3.4MB
- MD5
  
  3d116978ecbae75701e4b942380c9cc4
- SHA1
  
  7a65e948e556dc5d99b9473e139e2f8c60e6f226
- SHA256
  
  0ef41cdb74e220a2ba138fe0625c210e0c5283c24625c1a45926a930d66dce45
- SHA512
  
  9253593927761298f36e2782b0e1920eaa5d13de34b02f5ad1719b3b0b5a69ac8c6c4e32e5c347a4c49cd3e6def693dddf6c5e74cfc9b97cd08ad2aca22a3602
- SSDEEP
  
  24576:SNgyNilNR2zTJF2ZHuduTJTyCA59q0aSeQyW72/JW363Qf0ukHe7cOFxNF:2gizdwlyCA59qRSnh2/0se7cOt
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Injector.exe
- Size
  
  8.0MB
- MD5
  
  f6ceae9c4a35e316819f77b336855b1e
- SHA1
  
  2380dc142f9cac975427bc9e5fe2b5465d859ad9
- SHA256
  
  79d08b45dcc548332cbe000742df8879934d7bd6f88e8e32558fd3410f812b22
- SHA512
  
  b6ef765d485430bd6871d5936cd38a8d7241555008e1be334fd69d3921eb5fb331bcb12053ac641464ffb5e2979bf254423531385aab72fe112546ff4a739bc6
- SSDEEP
  
  196608:Ls9OEbGXVJGyICteEroXxcw+3zlxZV3Gu5D4S26cSEqCS3L9RTKn5lu:LEuDInEroX2314S2Ilr9QDu
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral3 behavioral4
- Target
  
  Microsoft.Toolkit.Uwp.Notifications.dll
- Size
  
  140KB
- MD5
  
  b4ec92287b0d96daad899236192de30e
- SHA1
  
  7e0ae9fd688f4a122acc38de99d166cdddde3f52
- SHA256
  
  8750440e6049ae487c02b41fbe3692790667504d2f31a7247c14179d302f887a
- SHA512
  
  ab547e3dfa75d21820416be1a38e7a7664080312efed13e9b4f14d6f9c6c759f962b6912a18fd4995cac22d9ad11bd857c61f7bbd9d1ed09effef743bdbd922f
- SSDEEP
  
  1536:5RdbKFBNaWYYK8gwb+zPws86WGkGaBb6ktu4YLHwYfJe5K+Q7GeH7I/65tWI6LXh:P9ENDYz2GLm6MBYLHr1+/47O/Ki
Score

1^/10
behavioral5 behavioral6
- Target
  
  System.ValueTuple.dll
- Size
  
  24KB
- MD5
  
  23ee4302e85013a1eb4324c414d561d5
- SHA1
  
  d1664731719e85aad7a2273685d77feb0204ec98
- SHA256
  
  e905d102585b22c6df04f219af5cbdbfa7bc165979e9788b62df6dcc165e10f4
- SHA512
  
  6b223ce7f580a40a8864a762e3d5cccf1d34a554847787551e8a5d4d05d7f7a5f116f2de8a1c793f327a64d23570228c6e3648a541dd52f93d58f8f243591e32
- SSDEEP
  
  384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8